Friday, November 12, 2010

Guild Wars - All your stuff belong to us

The inevitable happened. I was horribly hacked. The game? Guild Wars. The Support staff? NCsoft.

The resolution? Unacceptable.

Wednesday night at around 11 pm EST, I logged off a very fruitful and awesome session of Guild Wars. I leave for bed, safe in the comfort that I have accomplished another step in my goal of building the Hall of Monuments, gearing up for Guild Wars 2.
I had been hard at work for about a month now, tackling various goals of gaining mini-pets, making VERY expensive armor, and completing missions I had never finished before.

Life was good.

Then I was violated.

At around 7:20 am EST, Thursday, Nov. 11th, 2010 - Veterans Day, I go to log in to Guild Wars. Ready for a full day of fun as I have the day off. My password does not work.
I check my caps lock, and it is ok. I type it again....eh? Does not work. I quickly check my email to see if any changes have been made to my password...someone trying to get access? Or have I been banned?

I log into my NCsoft master account just fine, and proceed to use their built in password changer. Please note, to change your password for Guild Wars, all you have to do is put in your new pass...and you're done. Compared to Aion, which asks for your old pass, then a new pass...which I feel is a better system. So, password in hand, I log in.

And my Elementalist is just in underwear. AGHHHHHH

I proceed to go into the game and check the storage. Tons of missing goods. All of my standard mats which had full stacks, empty. Tons of rare mats, like 2 Sapphires, 150+ Steel Ingots...gone. A stack of black dye (9 of them) GONE!!!

And so much more. Every character has had at least one piece of armor destroyed or major runes taken off. This includes Heroes. Even a stack of Stone Summit Badges, a memory from my launch days when everyone in my huge 100 member guild would give them to me as a joke; gone, Gone, GONE.

So begins the painful process. I enter a ticket, with a heavy heart, to NCsoft support. Thus the odyssey begins.

In my days of playing, I have never had a "hack" like this. Especially with an account so full of stuff. WoW had an issue with an unplayed account two years ago. We did not have much there, so I did not care. Blizzard proved to be VERY helpful by restoring cash and goods. then they proceeded to ban my account for non-payment by the hacker. That was never resolved.

Like I said. Didn't care. It was rectified, and if I wanted to, I could get this taken care of.

Moving on. I entered my ticket about 30 minutes or less after the login. Explained the issue. Noted the most glaring concern. Why did I not get an email with my password change? I could not login until after I changed my password that morning. And after I made MY change, I got an email. So, how between the hours of 11pm and 7am did I not get the email?

About 6 hours later, and no answer, so it was time to elevate. I hit the phone number, got a response and got told I owned my account (go figure). They elevated this to another person.

About 4 hours later an answer on my first ticket. Seems no one has accessed my account except from my IP. WTF? They also show no password change between 11pm to 7am. How is this possible?

I explained how this could not be. I checked my router for access logs. No go. They noted keyloggers or virus...I scan; nothing. So, how was this possible?

Next update comes almost 2 hours later. Seems they caught two people from Germany using IP spoofing to login to my account. But, here comes the worst part of that response....

"While I would like to replace your items, the Guild Wars Support Team does not have the capability to replace characters or items, whether they are lost through the actions of unfriendly players, deletion accidents, or through other means."

This doesn't make sense.

Now, I will not bore you with the back and forth on this. There was a lot. The password issue has not been resolved (NCsoft says no password change took place?). Anyways, two more replies of me pleading and asking for clarification of their policies. For example, how can items "magically" appear for Birthdays, or Runes or Dyes be tracked in sales for pricing...yet, they cannot track my stuff.

Note...tracking or "returning" is never an option here. All NCSoft kept saying, especially with this final doozy of a reply is...

"Although I wish there was a way to restore or compensate for your losses, there are no tools, executables, or buttons to accomplish this request."

This of course leads to many questions. Does Guild Wars just create items out of thin air then? Is there a preset number of items in the world (which could make sense...but, then if something is used up, how is it replenished?). Why can't NCsoft (since they caught the hackers) go through their inventory and return what can be found, or said cash equaling lost goods?

What has BEEN proven is that the NCsoft websites and services are a very insecure, unsecure and non-safe environment for your data and your virtual goods.

Thanks to some awesome Tweeters, I will be getting some things back (Thanks to Longasc and Avery, who have offered platinum and items)...but, the feeling of losing years of memories is like a house burning down. You can't those goods back, but insurance does cover those costs of replacement.

NCsoft takes your money and offers no assurance of your safety.

Now, I am sure you have lots of questions on what happened, so please send the comments my way. So far, the ticket stays open, with a request of elevation. But, I fear it is gone, never to be returned.

Out of all this, I fear most for Guild Wars 2 and accepting this companies refusals to offer any help to recover from such damages down the road.

2 comments:

The poor quality of account security and the directive not to restore anything lost show a disregard for the customer that poorly reflects on Guild Wars, even if the blame is to put on support.

They *could* restore stuff. They have done it. But only when you are in one of the "we have an ArenaNet employee in our guild" guilds. There are some. They also got special achievement recognition for helping and testing and all that.

This did not prevent them from getting hacked, but so far they got everything restored. You know, we are all equal, but some are more equal.

Well, actually I do not want to focus on this bias, but on the general policy of NO RESTORATION. Their competitors can do. Blizzard does, they apparently often restore even more than you lost sometimes. They are generous.

Guess what, that keeps a customer playing that would otherwise have quit. If they want people to use the shop in Guild Wars or Guild Wars 2, they really have to think about this policy!

I doubt it is going to change for Guild Wars 1.

But if they do not improve account security and support for Guild Wars 2, the game will be seriously handicapped. And seriously, for such a big company like NCsoft their level of account security and support is less than amateurish.

The worst thing is that it could happen to everyone and that people who got hacked once often got hacked several times. They refuse to change the email/account name. But the account name is compromised, the hackers know it and a char name on said account, which compromises security. They do not even give people a free name change token. Too much work, apparently. They do change the account name if you insist adamantly... if you piss them off so much that they finally give in. After they told you for months they are totally unable to change your email/account name.

It is apparently easier to hack your own account than to verify that you are the legal owner, which is outrageous. Hint, if you get GW, make sure to keep your original CD/Account key. This is the first thing they ask.

Well, given this kind of support and an apparently flawed security - I managed to log into someone else's account after entering my login and password on NCsoft's PlayNC page - I am quite concerned about my account.

Bad account security - checkBad support, no help - check

ArenaNet has to do something about this. It is not their fault, but it will reflect poorly on their products. NCsoft deserves a kick in the balls.

Oh wow. That deeply and truly sucks, but I can't say it surprises me that NCSoft won't return your stuff. The handful of customer service dealings I've had with them have been inconsistent, and their account security is renowned for being crappy.